|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
Stay one step ahead of the competition. Evaluate and give feedback
on some of the hottest web development tools on the market today.
Make your opinion heard! Click
Here
|
|
#1
August 1st, 2004, 04:43 PM
|
|||
|
|||
|
Problems with my comp :(
Recently i've been having alot of problems with popups and things alike. I also have a error message about RunDLL not being able to run a certain dll.
Heres my hijack this log, any help would be greatl appreciated! Logfile of HijackThis v1.98.1 Scan saved at 5:34:10 PM, on 8/1/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\twain_32\SiPix\SCBlink2\Srvany.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\twain_32\SiPix\SCBlink2\USBPNP.exe C:\Program Files\eTrust\VPN\evpnsvc.exe C:\PROGRA~1\COMPUT~1\ETRUST~1\ETRUST~3\PE\BIN\ETSLAU~1.EXE C:\Program Files\eTrust\VPN\evpnnt.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\VetMsgNT.exe C:\Program Files\Common files\WinTools\WToolsS.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\xcommsvr.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\svchosd.exe C:\WINDOWS\System32\CTHELPER.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\D-Tools\daemon.exe C:\PROGRA~1\COMPUT~1\ETRUST~1\ETRUST~1\VetTray.exe C:\Program Files\NuCam Corp\CamCheck\CamCheck.exe C:\documents and settings\cal\local settings\temp\3.exe C:\WINDOWS\system32\pcs\pcsvc.exe C:\Program Files\Common Files\Dpi\dpi.exe C:\WINDOWS\System32\vsfvsk.exe C:\PROGRA~1\INTERN~3\inetmgr.exe c:\progra~1\intern~1\iexplore.exe C:\WINDOWS\System32\amssvr.exe C:\Program Files\Winamp\Winampa.exe C:\documents and settings\cal\local settings\temp\27Q.exe C:\WINDOWS\twain_32\SiPix\SCBlink2\Blink2CW.exe C:\Program Files\Common files\WinTools\WToolsA.exe C:\Documents and Settings\Cal\Application Data\cors.exe C:\WINDOWS\System32\uti3d.exe C:\Program Files\Ares\Ares.exe C:\WINDOWS\System32\NDrv.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Spyware Doctor\spydoctor.exe C:\PROGRA~1\INTERN~3\inetsvc.exe C:\WINDOWS\System32\Gnku.exe C:\WINDOWS\System32\cpsvcst.exe C:\WINDOWS\System32\ataclend.exe C:\Program Files\Common Files\WinTools\WSup.exe C:\Program Files\Computer Associates\eTrust EZ Armor\eTrust EZ Firewall\efpeadm.exe C:\WINDOWS\System32\WxwngMwt.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\Free Downloads Accelerator\fdaagent.exe C:\Program Files\StealthBot\StealthBot v2.4R3.exe c:\program files\warcraft iii\war3.exe C:\Program Files\SmartPopupBlocker\SmartPopupBlockerTray.exe C:\WINDOWS\dhsvr.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\Cal\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id= R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jkyecignhwhyfzitypf.net/wWI9wv8emPhN/Wn_wMnUAoQ1W4fCy5n7rqnd37iV64E.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id= R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wueshwfrkydazmmckdz.com/wWI9wv8emPit3TuI5kx/zjxU48kproKJoiUcBJRLjQ6yL89w5DYPQ0u74IcNKZBY.php R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id= R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://look-today.com/passthrough/index.html?http://www.google.com/ R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll F2 - REG:system.ini: Shell=Explorer.exe svchosd.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file) O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing) O2 - BHO: (no name) - {046D6EA4-15E3-4b27-8010-45BD78A9219E} - (no file) O2 - BHO: (no name) - {05F1E9EC-D041-CAB6-8872-6CA680056DDB} - C:\PROGRA~1\SETUPG~1\MEETMEOW.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: IEEhncrObj Class - {0B90AA1B-F649-44C3-9FD3-736C332CBBCF} - C:\WINDOWS\System32\IEEnhancer.dll O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\System32\NDrv.dll O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - (no file) O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod-1.dll O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll O2 - BHO: IE 4.x-6.x BHO for Free Downloads Accelerator - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\fdahlp99.dll O2 - BHO: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\dealhlpr.dll O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Cal\Local Settings\Temp\0of.dll O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - (no file) O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\Program Files\Free Downloads Accelerator\fdabar99.dll O3 - Toolbar: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\dealhlpr.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file) O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
|
|
#2
August 1st, 2004, 04:44 PM
|
|||
|
|||
|
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Desksite CMA] c:\program files\desksite\bin\cma.exe O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\COMPUT~1\ETRUST~1\ETRUST~1\VetTray.exe O4 - HKLM\..\Run: [eTrustCIPE] "C:\Program Files\Computer Associates\eTrust EZ Armor\eTrust EZ Deskshield\PE\BIN\EZDSMain.EXE" O4 - HKLM\..\Run: [SoloSentry] C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE O4 - HKLM\..\Run: [SoloSchedule] C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE O4 - HKLM\..\Run: [SoloSysCheck] C:\PROGRA~1\SRNMIC~1\SYSCHECK.COM O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CamCheck] C:\Program Files\NuCam Corp.\CamCheck\CamCheck.exe O4 - HKLM\..\Run: [Love dash] C:\PROGRA~1\SECOND~1\Bird Phone Jump.exe O4 - HKLM\..\Run: [3] C:\documents and settings\cal\local settings\temp\3.exe O4 - HKLM\..\Run: [5HSAZG64TA8LA#] C:\WINDOWS\System32\VedlMu.exe O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe O4 - HKLM\..\Run: [foxxugsx] C:\WINDOWS\System32\vsfvsk.exe O4 - HKLM\..\Run: [qhgfalkb] C:\WINDOWS\qhgfalkb.exe O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~3\inetmgr.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [vs5f3EX] amssvr.exe O4 - HKLM\..\Run: [Trust Software Third Atom] C:\Documents and Settings\All Users\Application Data\ForkDrvTrustSoftware\Mpegprogram.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [27Q] C:\documents and settings\cal\local settings\temp\27Q.exe O4 - HKLM\..\Run: [cpsvcst] C:\WINDOWS\System32\cpsvcst.exe O4 - HKLM\..\Run: [ataclend] C:\WINDOWS\System32\ataclend.exe O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\Adstartup.exe O4 - HKCU\..\Run: [logon.exe] c:\windows\system32\logon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Rnso] C:\Documents and Settings\Cal\Application Data\cors.exe O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msgked.exe O4 - HKCU\..\Run: [eBupROb7W] uti3d.exe O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe O4 - HKCU\..\Run: [Ultimate Popup Blocker] C:\Program Files\Ultimate Pop-up Blocker\Ultimate Pop-up Blocker.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: eTrust EZ Firewall.lnk = C:\Program Files\Computer Associates\eTrust EZ Armor\eTrust EZ Firewall\efpeadm.exe O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Stop popups from this web page - C:\Program Files\GIANT Company Software inc\PopUp Inspector\denysite.htm O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe O9 - Extra button: PopStop - {451A1C42-3A88-11d5-962E-00207803F0A6} - C:\Program Files\CobraSoft\PopStop\CSIEPopStop.dll O9 - Extra 'Tools' menuitem: &PopStop - {451A1C42-3A88-11d5-962E-00207803F0A6} - C:\Program Files\CobraSoft\PopStop\CSIEPopStop.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/register/wowbeta/si.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify305.cab O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\System32\msdhmd.dll thanks again for any help i can get!
|
|
#3
August 1st, 2004, 06:08 PM
|
||||
|
||||
|
First of all... you should of made a more appropriate title for this thread.
Second of all, why the hell do you have so many processes running? Unless you have like 1GB of RAM or don't do anything interesting your machine must run pretty slowly. You have spyware and/or adware on your computer. If you look at the list of processes and see something that looks sort of untrustable or have absolutely no idea what it is, try to get informations on it. For example, the stuff running from the WinTools directory is ****! It's not useful tools as someone may think. It is top class agressive and annoying ad-ware (I had it...  ). What to do about it? Download "spybot search and destroy", run it, and fear no more...
|
|
#4
August 1st, 2004, 06:31 PM
|
|||
|
|||
|
See the funny thing is I run spy bot, adaware, etc. Yet i still have problems.
Thats why i'm posting here to try and get a little help. Right now my problem is a message popups up every 10 secs about a RUNDLL error. So i'm searching for a fix. And sorry about the vague post topic, i wasn't exectly sure what to post. -Fraq
|
|
#5
August 1st, 2004, 07:05 PM
|
||||
|
||||
|
Hmm... I remember re-installing Windows because of stupid spyware. Sometimes your computer gets messed up beyond recovery... So I suggest that you reinstall Windows, and before that you download anything at all, put a good antivirus, get spybot, adaware etc and leave Ad-Watch running to see if anything is trying to mess up your computer. But I'm really paranoid with my computer since its the most expensicve thing I've every payed for. So I usually run spybot after each program I install and also I scan every single file I download before opening it. Even if I am very careful I still have 2-3 bad cookies per day. (I run spybot every night...)
|
|
#6
August 1st, 2004, 07:20 PM
|
|||
|
|||
|
(^^;(This thread will be moved to spywareforum by Edwin.)
You can get instructions about which items should be deleted. Here one word from Windows Help. After spybot and ad-aware you got this result. Probably your system has many defects now, of course registry is mostly vermiculated. System restore is unavailable now, because it revives spyware. You may come back here, but then we cannot but advising you clean install. In its early stage, we can delete spyware manually and repair system. But it may be too late.
|
|
#7
August 1st, 2004, 07:59 PM
|
|||
|
|||
|
Ok, i've been cleaning up my comp with varius spyware removers.
So here is my new Hijack log. Logfile of HijackThis v1.98.1 Scan saved at 8:59:14 PM, on 8/1/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\twain_32\SiPix\SCBlink2\Srvany.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\twain_32\SiPix\SCBlink2\USBPNP.exe C:\Program Files\eTrust\VPN\evpnsvc.exe C:\Program Files\eTrust\VPN\evpnnt.exe C:\PROGRA~1\COMPUT~1\ETRUST~1\ETRUST~3\PE\BIN\ETSLAU~1.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\VetMsgNT.exe C:\Program Files\Common files\WinTools\WToolsS.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\xcommsvr.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\svchosd.exe C:\WINDOWS\System32\CTHELPER.EXE C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\COMPUT~1\ETRUST~1\ETRUST~1\VetTray.exe C:\Program Files\Common Files\Dpi\dpi.exe C:\WINDOWS\System32\vsfvsk.exe C:\WINDOWS\System32\amssvr.exe C:\Program Files\Winamp\Winampa.exe C:\documents and settings\cal\local settings\temp\27Q.exe C:\Program Files\Common files\WinTools\WToolsA.exe C:\Documents and Settings\Cal\Application Data\cors.exe C:\WINDOWS\System32\NDrv.exe C:\Program Files\Spyware Doctor\spydoctor.exe C:\WINDOWS\System32\mdial32c.exe C:\WINDOWS\System32\ardsc.exe C:\Program Files\Common Files\WinTools\WSup.exe C:\WINDOWS\System32\IrqY.exe C:\Program Files\Computer Associates\eTrust EZ Armor\eTrust EZ Firewall\efpeadm.exe C:\WINDOWS\System32\Gnku.exe C:\Program Files\Free Downloads Accelerator\fdaagent.exe c:\progra~1\intern~1\iexplore.exe c:\progra~1\intern~1\iexplore.exe C:\WINDOWS\dhsvr.exe C:\Program Files\Yahoo!\Messenger\YPager.exe C:\PROGRA~1\INTERN~3\inetmgr.exe C:\PROGRA~1\INTERN~3\inetsvc.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\Cal\Desktop\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.yiypeljnbxk.com/wWI9wv8emPit3TuI5kx/zjxU48kproKJoiUcBJRLjQ5AOEsNfD40VEu74IcNKZBY.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q= F2 - REG:system.ini: Shell=Explorer.exe svchosd.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file) O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing) O2 - BHO: Browser - {046D6EA4-15E3-4b27-8010-45BD78A9219E} - C:\PROGRA~1\INTERN~3\inetkw.dll O2 - BHO: (no name) - {05F1E9EC-D041-CAB6-8872-6CA680056DDB} - C:\PROGRA~1\SETUPG~1\MEETMEOW.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: IEEhncrObj Class - {0B90AA1B-F649-44C3-9FD3-736C332CBBCF} - C:\WINDOWS\System32\IEEnhancer.dll O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\System32\NDrv.dll O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - (no file) O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod-1.dll O2 - BHO: IE 4.x-6.x BHO for Free Downloads Accelerator - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\fdahlp99.dll O2 - BHO: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\dealhlpr.dll O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Cal\Local Settings\Temp\0of.dll O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file) O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Desksite CMA] c:\program files\desksite\bin\cma.exe O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\COMPUT~1\ETRUST~1\ETRUST~1\VetTray.exe O4 - HKLM\..\Run: [eTrustCIPE] "C:\Program Files\Computer Associates\eTrust EZ Armor\eTrust EZ Deskshield\PE\BIN\EZDSMain.EXE" O4 - HKLM\..\Run: [SoloSentry] C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE O4 - HKLM\..\Run: [SoloSchedule] C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE O4 - HKLM\..\Run: [SoloSysCheck] C:\PROGRA~1\SRNMIC~1\SYSCHECK.COM O4 - HKLM\..\Run: [5HSAZG64TA8LA#] C:\WINDOWS\System32\HnvnCv.exe O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe O4 - HKLM\..\Run: [foxxugsx] C:\WINDOWS\System32\vsfvsk.exe O4 - HKLM\..\Run: [qhgfalkb] C:\WINDOWS\qhgfalkb.exe O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~3\inetmgr.exe O4 - HKLM\..\Run: [vs5f3EX] amssvr.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [27Q] C:\documents and settings\cal\local settings\temp\27Q.exe O4 - HKLM\..\Run: [mdial32c] C:\WINDOWS\System32\mdial32c.exe O4 - HKLM\..\Run: [ardsc] C:\WINDOWS\System32\ardsc.exe O4 - HKLM\..\Run: [Love dash] C:\PROGRA~1\SECOND~1\Bird Phone Jump.exe O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe O4 - HKCU\..\Run: [logon.exe] c:\windows\system32\logon.exe O4 - HKCU\..\Run: [Rnso] C:\Documents and Settings\Cal\Application Data\cors.exe O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msgked.exe O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: eTrust EZ Firewall.lnk = C:\Program Files\Computer Associates\eTrust EZ Armor\eTrust EZ Firewall\efpeadm.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/register/wowbeta/si.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify305.cab O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\System32\msdhmd.dll Thanks for any help. -Fraq
|
|
#8
August 2nd, 2004, 04:43 AM
|
||||
|
||||
|
Quote:
Sure will  Thread moved. You also appeared to have another thread in this forum: http://forums.devshed.com/showthread.php?t=170604 Just keep everything in the one thread. I've closed this for the time being.
|
|
#9
August 2nd, 2004, 01:47 PM
|
|||
|
|||
|
I don't think users should be telling people to reinstall windows if they are unsure of how to remove spyware and the like. It's very rare that a machine can't be cleaned-up.
fraq, I'm taking a look at your log now and will advise shortly. Tom
__________________
HijackThis Ad-aware Spybot Search & Destroy SpywareBlaster SpywareGuard Housecall Online A/V Scan Please read the stickys at the top of the forum before posting!
|
|
#10
August 2nd, 2004, 01:50 PM
|
|||
|
|||
|
Thanks a bunch Tom, I've been doing alot of cleaning up of my comp lately. I'm also going to be not so lazy with it, to try and prevent stuff like this happening again.
Just learning from my mistakes, -Fraq
|
|
#11
August 2nd, 2004, 01:55 PM
|
|||
|
|||
|
Hey Fraq,
Let's start out with a couple of online scans. Choose two from the following list and scan your computer: Trend Micro Housecall http://housecall.trendmicro.com/ Panda Active Scan www.pandasoftware.com/activescan/activescan Bitdefender http://www.bitdefender.com/scan/licence.php eTrust AV web scanner (Computer Associates) http://www3.ca.com/virusinfo/virusscan.aspx RAV Antivirus Online Scan http://www.ravantivirus.com/scan/ Please post your results and post a fresh HijackThis log, Tom
|
|
#12
August 2nd, 2004, 02:28 PM
|
|||
|
|||
|
Alright Tom, I ran the BitDefender scan and it deleted quite a bit of files. Heres my hijack this log. Logfile of HijackThis v1.98.1 Scan saved at 3:28:03 PM, on 8/2/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\twain_32\SiPix\SCBlink2\Srvany.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\twain_32\SiPix\SCBlink2\USBPNP.exe C:\Program Files\eTrust\VPN\evpnsvc.exe C:\PROGRA~1\COMPUT~1\ETRUST~1\ETRUST~3\PE\BIN\ETSLAU~1.EXE C:\Program Files\eTrust\VPN\evpnnt.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\VetMsgNT.exe C:\Program Files\Common files\WinTools\WToolsS.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\xcommsvr.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\svchosd.exe C:\WINDOWS\System32\CTHELPER.EXE C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\COMPUT~1\ETRUST~1\ETRUST~1\VetTray.exe C:\Program Files\Common Files\Dpi\dpi.exe C:\WINDOWS\System32\vsfvsk.exe C:\Program Files\Winamp\Winampa.exe C:\documents and settings\cal\local settings\temp\27Q.exe C:\Program Files\Common files\WinTools\WToolsA.exe C:\WINDOWS\System32\runaee.exe C:\Documents and Settings\Cal\Application Data\cors.exe C:\WINDOWS\System32\NDrv.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\Spyware Doctor\spydoctor.exe C:\Program Files\Ares\Ares.exe C:\WINDOWS\System32\isrpack.exe C:\Program Files\Computer Associates\eTrust EZ Armor\eTrust EZ Firewall\efpeadm.exe C:\WINDOWS\System32\dbcjt32o.exe C:\WINDOWS\System32\YslJopex.exe C:\Program Files\Common Files\WinTools\WSup.exe C:\WINDOWS\System32\sdxmm.exe c:\progra~1\intern~1\iexplore.exe C:\WINDOWS\System32\WxwngMwt.exe C:\Program Files\Free Downloads Accelerator\fdaagent.exe C:\WINDOWS\dhsvr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\StealthBot\StealthBot v2.4R3.exe C:\WINDOWS\system32\ntvdm.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\SmartPopupBlocker\SmartPopupBlockerTray.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Cal\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://look-today.com/passthrough/index.html?http://www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.tikjkoxmwrzxaxhqukwmtg.info/wWI9wv8emPit3TuI5kx/zjxU48kproKJoiUcBJRLjQ6MjCmuokgGAku74IcNKZBY.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q= R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll F2 - REG:system.ini: Shell=Explorer.exe svchosd.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file) O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - (no file) O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing) O2 - BHO: (no name) - {046D6EA4-15E3-4b27-8010-45BD78A9219E} - (no file) O2 - BHO: (no name) - {05F1E9EC-D041-CAB6-8872-6CA680056DDB} - C:\PROGRA~1\SETUPG~1\MEETMEOW.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll O2 - BHO: IEEhncrObj Class - {0B90AA1B-F649-44C3-9FD3-736C332CBBCF} - C:\WINDOWS\System32\IEEnhancer.dll O2 - BHO: CDnsRepObj Object - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINDOWS\System32\msglji.gif O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\System32\NDrv.dll O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - (no file) O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod-1.dll O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - (no file) O2 - BHO: IE 4.x-6.x BHO for Free Downloads Accelerator - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\fdahlp99.dll O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINDOWS\System32\msfaol.dll O2 - BHO: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\dealhlpr.dll O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Cal\Local Settings\Temp\0of.dll O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file) O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Desksite CMA] c:\program files\desk |
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
